Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the second part of our breaking down the Elastic Global Threat Report series, we’re focusing on the credential access tactic, which was the third-most common category of behavior we observed. Roughly 10% of all techniques we saw involved one form of credential theft or another and dissecting this class of behaviors is helpful both to improve our understanding of threats and to better understand enterprise risks.

Elastic Security 8.7 helps security practitioners eliminate alert fatigue, reduce MTTR, and better secure cloud environments through integrated SIEM, cloud security, and endpoint security. This release includes the following new features that bring efficacy and efficiency to the modern security operations center (SOC): Security operations centers use SIEM, EDR, and cloud security solutions to detect malicious activity by analyzing their security-related events and information. . .

Migrating to a new security information and event management (SIEM) solution can feel like a daunting task, like moving to a new house. Over the years, a lot gets accumulated and sometimes is forgotten until found in a corner. This blog identifies steps you can take to reduce the pain typically associated with a migration, tools that can help along the way, and questions you should ask during each phase of a migration.

Vulnerability management (VM) is a challenging task. Of the three pillars of people, process, and technology, it is the latter that we have the most control over and that can make the greatest impact. We recognize that technology alone is not sufficient and must be accompanied by strong processes and skilled personnel. However, the right technology can greatly facilitate and improve the effectiveness of our vulnerability management efforts.

Free and open access is one of the core principles upon which Elastic was originally built and continues to operate. Our products are free to use, and much of our code is accessible in public source code repositories. In recent years, this commitment to transparency and availability has extended to our security offerings.

When we published the Elastic Global Threat Report in 2022, it included threat trends and correlations from our analysis of telemetry data shared by our users. In addition to telling us about how well features work for them, it also represents our visibility of the threat landscape. About 34% of the techniques we saw were related to defense evasion, which we believe is a direct result of endpoint security innovations.

According to Cybersecurity Ventures, it is estimated that 3.5 million security analyst positions remain unfilled. It’s no surprise, then, that more than a third of CISOs find the skills shortage to be their primary challenge, according to the ThoughtLab study Cybersecurity Solutions for a Riskier World.

Cyber attacks are becoming more frequent, targeted, and complex. When it comes to sophisticated attacks, one of the most commonly seen tactics is Lateral Movement. During lateral movement, many attackers try impersonating a legitimate user by abusing admin tools (e.g., SMB, SAMBA, FTP, WMI, WinRM, and PowerShell Remoting) to move laterally from system to system in search of sensitive information.

As the US Department of Defense’s (DoD’s) Software Modernization Strategy is put into place, agility, cloud adoption, and the software-factory methodology are top of mind. But according to a new study from the Hudson Institute, the DoD’s current approach to software and software updates isn’t fast enough to keep pace with modern warfare.

Elastic Security 8.6 helps security practitioners investigate and respond to threats quickly at cloud scale with SIEM, cloud security, and endpoint security. This release includes new data source integrations, expanded prebuilt detection content, and improved detection engineering and analyst workflows — bringing efficacy and efficiency to the modern security operations center (SOC).